Online event

AI Agents for Knowledge Work | June 4 at 10am PT

.

News

Adapt is now SOC 2 Type II compliant

Jack Welsh

Jack Welsh

Head of Finance & Business Operations

What SOC 2 Type II actually meansWhy this matters for your company brainBuilt for security, not bolted onWhat is nextGet the report

Adapt has completed its SOC 2 Type II audit. An independent auditor, MJD Advisors, tested our controls across Security, Availability, and Confidentiality over a three-month period of real operation and issued a clean opinion with no exceptions and no security incidents.

We built Adapt with a focus on security from day one. Our team has shipped systems for major financial institutions and government agencies, so we know what it takes to earn trust from the most security-conscious buyers. Getting it independently validated is a different kind of proof.

What SOC 2 Type II actually means

SOC 2 comes in two forms, and the difference is how rigorously the controls are tested.

A Type I report is a point-in-time check. It confirms that your security controls are designed correctly on a given day.

A Type II report is more intensive. An independent auditor observes your controls operating over an extended period and tests whether they actually hold up under real conditions, not just on paper. It is the difference between a building inspector approving a blueprint and confirming the building has stood through a season of weather.

For Adapt, the auditor examined controls across the Security, Availability, and Confidentiality trust services criteria over a three-month period. The result was a clean opinion, no deviations noted, and no identified security incidents during the period.

“Adapt was a pleasure to work with throughout the SOC 2 examination process. Their team was engaged, thoughtful, and highly detail-oriented, and they demonstrated a genuine commitment to building and maintaining a strong security and compliance program.”

— Chris Giles, Senior Manager, MJD Advisors

Why this matters for your company brain

A company brain only works when it is connected to all your systems. The more Adapt can see across your email, documents, code, support tickets, and data, the more useful it becomes.

That level of access raises the bar on trust. For most organizations, SOC 2 Type II is the prerequisite for making those connections at all. It is the question procurement and security teams ask first, and a clean Type II report is the answer that lets the conversation move forward, often replacing a long security questionnaire and shortening the review.

This audit confirms it is safe to connect the systems that make Adapt powerful.

Built for security, not bolted on

SOC 2 confirms our controls work. An important question with any AI platform is architectural: what happens when an agent runs code and connects to your systems? We designed for that from the start.

  • Your data never trains AI models. Your conversations and business data stay in your workspace and are never used to train or fine-tune AI models. This is not just our policy, it is a control tested in our SOC 2 Type II audit with no exceptions.
  • You stay in control. Set company-wide policies that require approval before the agent takes action, or keep data sources read-only. The agent works within the guardrails you set.
  • Isolated execution. Every agent session runs in its own isolated, single-use sandbox. Nothing persists between sessions, and confidential data is isolated to dedicated data stores.
  • Least-privilege access. Adapt only touches the systems you connect. Access follows the principle of least privilege, and credentials are fetched just-in-time for the specific action that needs them rather than loaded in bulk.
  • Secrets stay secret. Integration credentials are encrypted at rest with AES-256 and in transit, and secret values are automatically redacted from logs and outputs.
  • Network controls. Sandboxed code is blocked from reaching internal and cloud metadata endpoints, closing the most common path for credential exposure.

Behind these controls sits a full security program: documented policies across access control, encryption, data retention, logging, incident response, and vendor management, all tested as part of our SOC 2 Type II audit.

What is next

SOC 2 Type II is not a one-time badge. We are subject to continuous monitoring and an annual audit cycle, so these controls stay tested as we grow.

Get the report

Security and procurement teams can request our full SOC 2 Type II report under NDA. For most reviews, the report does the heavy lifting, clearing security questionnaires faster and getting you to value sooner. If you are evaluating Adapt and need to complete a security review, we can help.

Sign up now to start connecting your company brain to the systems you already run.

About the Author

Jack Welsh

Jack Welsh

X IconLinkedIn Icon

Finance & BizOps @ Adapt

You might also like

What Glean and Claude Cowork get wrong about building AI agents for work
Work AI

What Glean and Claude Cowork get wrong about building AI agents for work

Glean and Claude Cowork are using MCP for tool integrations. Adapt doesn't. Our approach produces higher quality responses with less token usage.

How Adapt uses Adapt for AI workflows
Product

How Adapt uses Adapt for AI workflows

See how Adapt uses Adapt across product, sales and marketing to automate AI workflows, reduce busywork and keep teams moving in Slack.

Slack is my IDE
Product

Slack is my IDE

My IDE is now Slack. Here are the attribution and security problems that surfaced from coding with our agent, and how personal integrations now fix them.

Every company will have a brain.
It's inevitable.

Get started in minutes, not months.

Sign upTalk to us